Ahead of Cybertech Global TLV, Moshe Karako, CTO at NTT Innovation Laboratory Israel, breaks down the fundamentals of this approach
Zero Trust is an information security doctrine that presumes hackers, malware or viruses have already managed to penetrate a company’s security layers; given this presumption, all that can be done is to minimize their ability to move laterally, access information, and penetrate or disrupt additional systems.
Today’s organizations require a new security model that can adapt more efficiently to the complex modern environment, which includes remote working practices and cloud transition, a model that is capable of adopting the hybrid workplace and protecting people, devices, apps and data at all locations.
In fact, adopting the Zero Trust model would probably be your organization’s best decision for 2022.
Rather than assume that everything behind the organization’s firewall is safe, the Zero Trust model assumes that each and every request, or breach, originates from an open network. Regardless of where a request comes from or which resource it is trying to reach, Zero Trust teaches us to “never trust, always verify.”
Therefore, every access request is authenticated, authorized and fully encrypted before access is granted. Micro-segmentation and least-privilege access principles are applied in order to minimize the opportunity for movement outside the authorized areas. Network intelligence and analysis enable real-time detection of any anomaly, as well as real-time response.
Zero Trust principles
1. Verify explicitly: verify the identity of every entity in the system. Perform continuous verification and approval based on all available data points, including user identity, location, device integrity, service or workload, data classification and anomaly detection.
2. Least-privilege access: limit real-time access according to need, employing the just-in-time (JIT) or just-enough-access concept. User access should be defined and limited to the needs of the specific task, so that a user has only the most minimal access possible for the type of activity taking place at a given time.
For example, a user who requires read-only access on a certain machine will only get this type of access, and for a limited time.
3. Assume breach: always assume that your network has been breached. Minimize the access radius of every user and service as much as possible. Verify end-to-end encryption, and use traffic analysis for visibility and to maximize threat detection.
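The three principles above can be seen working together in a single access decision. The following is an added example, not code from the article or from NTT: a minimal policy decision point that verifies identity, device posture and entitlement explicitly, scores the request's context against the user's baseline (assume breach), and then grants only the requested action for a short window (least privilege, just in time). Every user, device, resource, IP address and threshold in it is constructed sample data, and the inventories it reads are assumed to come from a device-management system, a data catalogue and the identity provider.

```python
"""Added example, not from the article or NTT: a minimal Zero Trust policy
decision point. Every request is verified explicitly (identity, device posture,
entitlement), treated as suspect when its context looks anomalous (assume
breach), and granted only the action it asked for, for a short window
(least privilege, just in time). All users, devices, resources and
thresholds below are constructed sample data."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class AccessRequest:
    user: str
    mfa_verified: bool      # identity proven with a second factor on this session
    device_id: str
    source_ip: str
    resource: str
    action: str             # "read" or "write"
    requested_at: datetime


@dataclass
class Decision:
    allowed: bool
    reason: str
    granted_action: Optional[str] = None
    expires_at: Optional[datetime] = None


# Constructed inventories (assumed to be fed by MDM/EDR, a data catalogue and IAM).
DEVICE_POSTURE = {
    "laptop-01": {"managed": True, "disk_encrypted": True, "patched": True},
    "byod-07": {"managed": False, "disk_encrypted": False, "patched": True},
}
RESOURCE_CLASS = {"hr-db": "confidential", "wiki": "internal"}
PERMISSIONS = {
    "alice": {"hr-db": {"read"}, "wiki": {"read", "write"}},
    "bob": {"wiki": {"read"}},
}
# Per-user baseline used only for anomaly scoring; a corporate IP buys no trust.
USER_BASELINE = {
    "alice": {"known_ips": {"10.0.1.5", "203.0.113.8"}, "hours": (7, 20)},
    "bob": {"known_ips": {"10.0.2.9"}, "hours": (8, 18)},
}
GRANT_TTL = timedelta(minutes=30)   # just-in-time grant lifetime


def device_is_healthy(device_id: str) -> bool:
    """Endpoint must be known, managed, encrypted and patched before any access."""
    posture = DEVICE_POSTURE.get(device_id)
    return bool(posture and all(posture.values()))


def anomaly_score(req: AccessRequest) -> int:
    """Count context signals that deviate from the user's baseline."""
    base = USER_BASELINE.get(req.user, {"known_ips": set(), "hours": (0, 24)})
    score = 0
    if req.source_ip not in base["known_ips"]:
        score += 1
    start, end = base["hours"]
    if not start <= req.requested_at.hour < end:
        score += 1
    return score


def evaluate(req: AccessRequest) -> Decision:
    # 1. Verify explicitly: identity, then device, then entitlement.
    if not req.mfa_verified:
        return Decision(False, "identity not verified: MFA required")
    if not device_is_healthy(req.device_id):
        return Decision(False, f"device {req.device_id} fails posture check")
    if req.action not in PERMISSIONS.get(req.user, {}).get(req.resource, set()):
        return Decision(False, f"{req.user} is not entitled to {req.action} on {req.resource}")
    # 3. Assume breach: a valid credential in an odd context is still suspect.
    score = anomaly_score(req)
    if score >= 2:
        return Decision(False, "anomalous context: unknown IP and unusual hour")
    if score == 1 and RESOURCE_CLASS.get(req.resource) == "confidential":
        return Decision(False, "anomalous context for confidential resource")
    # 2. Least privilege, just in time: only the requested action, for GRANT_TTL.
    return Decision(True, "verified", req.action, req.requested_at + GRANT_TTL)


def sample_request(**overrides) -> AccessRequest:
    """Baseline request: alice, MFA done, healthy laptop, known IP, 10:00 UTC."""
    fields = dict(user="alice", mfa_verified=True, device_id="laptop-01",
                  source_ip="10.0.1.5", resource="hr-db", action="read",
                  requested_at=datetime(2022, 3, 1, 10, 0, tzinfo=timezone.utc))
    fields.update(overrides)
    return AccessRequest(**fields)


if __name__ == "__main__":
    cases = [("baseline", sample_request()),
             ("no MFA", sample_request(mfa_verified=False)),
             ("unmanaged device", sample_request(device_id="byod-07")),
             ("new IP, confidential", sample_request(source_ip="198.51.100.7")),
             ("new IP, internal wiki", sample_request(source_ip="198.51.100.7",
                                                      resource="wiki", action="write"))]
    for label, req in cases:
        d = evaluate(req)
        print(f"{label:24} allowed={d.allowed} {d.reason} {d.expires_at or ''}")
```

Note that the checks are ordered so that the cheapest and most decisive signal (no verified identity) fails first, and that an anomalous context alone does not block access to internal data; it is the combination of anomaly and data classification that decides, which is what "all available data points" means in practice.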
At first glance, these principles might appear complicated to implement, especially in pre-existing systems. However, if you break them down into well-defined sub-tasks, the Zero Trust doctrine can be fulfilled without harming an organization’s productivity or complicating its systems.
The first step of applying the Zero Trust doctrine is charting a goal-based road map, which includes time frames and clear, measurable landmarks at each phase.
Identity management: how the different entities in an organization are identified, and what level of access is granted to each identity. The guiding principle is minimal access. We look into who might be holding excessive privileges, and how to handle identities that are no longer required (offboarding).
Endpoints: endpoints must be visible; we must know where they are, what is installed on them and whether they are properly secured. We need to make sure that each endpoint is secure before granting it access privileges.
Applications: which apps are installed on the organization’s systems, and what access level is required for their proper functioning. Do we have apps that are over-privileged?
Data management: where in the organization is our data located, what privileges exist on it, what backups exist and are they hot or cold, what is our plan in case of a data leak (this is a good time to discuss encryption options), and what is our recovery plan if data is deleted, whether deliberately or by mistake.
Network security: we must verify that users and appliances aren’t trusted solely because they are on the organization’s network. All internal communication must be encrypted and privileges limited. In addition, employ segmentation and real-time threat detection solutions.
Network management: collect telemetry and implement a policy for isolating and neutralizing anomalies. Use a system or service that can simulate penetration, lateral movement and other forms of attack.
Awareness development: prepare a training program and organized protocols for the organization’s various teams, such as IT, data security and those who stand at decision-making crossroads during a cyber attack. Also, train staff to raise awareness of social engineering and phishing.
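The identity-management step of the road map asks two concrete questions: who holds excessive privileges, and which identities should already have been offboarded. The following is an added example, not code from the article or from NTT, of a least-privilege review that answers both by cross-checking an HR roster (the system of record for who should still have access) against an IAM export of roles held and when each role was last exercised. The roster, accounts, role names and the 30/90-day thresholds are all constructed sample data; the shape of the IAM export is an assumption, not any vendor's format.

```python
"""Added example, not from the article or NTT: a least-privilege review for the
identity-management step of a Zero Trust road map. It cross-checks an HR roster
against IAM accounts to surface offboarding gaps, orphaned accounts and
privileges that are held but unused. All records, role names and thresholds
below are constructed sample data."""
from collections import Counter
from datetime import date
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str, Optional[str]]   # (account, kind, role or None)

# Constructed HR roster: who should still have access at all.
HR_ROSTER = {"alice": "active", "bob": "terminated", "carol": "active"}

# Constructed IAM export: roles held and the last date each role was exercised.
IAM_ACCOUNTS = [
    {"user": "alice", "enabled": True,
     "roles": {"wiki-editor", "hr-db-admin"},
     "last_role_use": {"wiki-editor": date(2022, 2, 20),
                       "hr-db-admin": date(2021, 9, 1)}},       # admin unused for months
    {"user": "bob", "enabled": True,
     "roles": {"wiki-reader"},
     "last_role_use": {"wiki-reader": date(2022, 1, 15)}},      # left, still enabled
    {"user": "carol", "enabled": True,
     "roles": {"wiki-reader", "wiki-editor"},
     "last_role_use": {"wiki-reader": date(2022, 2, 28)}},      # wiki-editor never used
    {"user": "svc-backup", "enabled": True,
     "roles": {"hr-db-admin"},
     "last_role_use": {"hr-db-admin": date(2022, 2, 27)}},      # no owner in HR
]
PRIVILEGED_ROLES = {"hr-db-admin"}
UNUSED_DAYS = {True: 30, False: 90}   # privileged roles get the tighter window
AUDIT_DATE = date(2022, 3, 1)


def audit(roster: Dict[str, str], accounts: List[dict], today: date) -> List[Finding]:
    """Return one finding per offboarding gap, orphan account or unused role."""
    findings: List[Finding] = []
    for acct in accounts:
        user = acct["user"]
        status = roster.get(user)
        if status is None:
            findings.append((user, "orphan", None))          # nobody owns this identity
        elif status == "terminated" and acct["enabled"]:
            findings.append((user, "offboarding", None))     # should have been disabled
        for role in sorted(acct["roles"]):
            limit = UNUSED_DAYS[role in PRIVILEGED_ROLES]
            last = acct["last_role_use"].get(role)
            if last is None or (today - last).days > limit:
                findings.append((user, "unused-privilege", role))   # candidate for removal
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings by kind, for the measurable landmarks the road map asks for."""
    return dict(Counter(kind for _, kind, _ in findings))


if __name__ == "__main__":
    results = audit(HR_ROSTER, IAM_ACCOUNTS, AUDIT_DATE)
    for user, kind, role in results:
        print(f"{kind:17} {user:12} {role or ''}")
    print(summarize(results))
```

Run regularly, the counts from summarize() give the measurable landmark the road map asks for: the number of standing privileges that were never or rarely used should trend toward zero, and any "offboarding" finding older than a day is a process failure rather than a tooling one.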
In conclusion, one can say that the Zero Trust doctrine is the most advanced collection of rules and ways of thinking in existence today for enterprise security against the ever-growing array of cyber threats. This doctrine allows for preliminary assessment and is designed to face the majority of threats known to the organization, as well as yet-unknown threats (zero-day attacks).
Because the Zero Trust doctrine takes a strict approach to restricting access, in some cases it can also prevent theft by someone holding privileges: the information leaks and intrusions that might take place, accidentally or intentionally, at the hands of the organization’s own employees.
Moshe Karako, CTO at NTT Innovation Laboratory Israel, will participate in Cybertech Global Tel Aviv, which will take place between March 1st and 3rd, 2022. He will host a special side event titled “NTT – Your Gateway to Japan and the World.” For additional information, please visit the event’s official website.
Credit for Moshe Karako’s photo: Michal Levi